Internet services, such as e-mail services and online banking services, require user authentication prior to providing the user with access to services. The predominant form of user authentication utilized by service providers has been based on verifying user credentials, whereby a user supplies pre-set credentials to the service provider and the service provider authenticates the user by matching the provided credentials to a record kept by the service provider. However, despite best efforts to avoid such events, passwords and other credentials may be stolen or otherwise compromised, and may possibly be used to illegitimately access various accounts of users. To complicate matters, in many contexts users often utilize passwords and, more generally, passcodes that have semantic meaning or are otherwise easy to guess. The use of such passwords effectively reduces the space of passwords to be searched in a cryptographic attack. Such use of single-factor authentication, therefore, can lack adequate safeguards to prevent unauthorized access to data and/or other resources whose access is controlled via authentication mechanisms.